I’ve been using MikroTik devices at home for 8 years now, but with a relatively simple setup; WireGuard and basic firewall rules are the most advanced things I’ve done (not a networking expert).
So I finally want to introduce some segmentation into my network by using VLANs, but that would also require some transparency between VLANs -
e.g. a smart home hub (Apple HomeKit) sitting in my “protected” VLAN to be able to reach out to that Chinese smart switch to control it, but not allowing the switch to go to the Internet or to connect to devices in my “protected” LAN.
Worth noting that the proverbial Chinese switch can’t connect to the Internet now - I have a FW rule to only allow its access to the LAN /24, but that certainly is not robust enough.
The question really is:
- What are the high-level steps / MikroTik features for me to use to accomplish that?
I.e. a VLAN with separate DHCP for “smart home” and then some kind of special inter-VLAN firewall rules, or would it be more advanced?
Would really appreciate any high-level guidance, as there’s a ton of overwhelming guidance and all I’ve managed to do so far is lock myself out of my old hAP ac that I was using for VLAN experiments.
Thank you!